As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/

[Sysadmin] Nightmare fuel

1235799

Posts

  • bowenbowen How you doin'? Registered User regular
    Cog wrote: »
    bowen wrote: »
    Cog wrote: »
    bowen wrote: »
    me - "okay, so I'm going to explain what happened, because you're one of the few people who does this. You opened up two instances of the program, one in our RDP server and one on your desktop, and put them on different monitors because you weren't paying attention

    You should probably protect them from themselves and not have this be possible, if that's... ehhrr... possiblah...

    I hate every one of our clients that choose to have this 'one-foot-in-one-foot-out' sort of RDP environment. Users always fuck it up.

    I mean, I could, but if they don't log out properly it'd be just as fucking annoying dealing with it.

    .... meaning...? I don't follow. Take the program off their desktop. Now they can only log into it in one place.

    Program is a resource hog, they're supposed to use it on their desktop.

    RDP stuff is for remote users.

    But I'm also not putting citrix on everyone's desktops because fuck that noise, so the citrix stuff is centrally localized because hospitals seem to be sucking citrix's dicks. And we have 4 hospitals we service here in CNY.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • CogCog Registered User regular
    bowen wrote: »
    Cog wrote: »
    bowen wrote: »
    Cog wrote: »
    bowen wrote: »
    me - "okay, so I'm going to explain what happened, because you're one of the few people who does this. You opened up two instances of the program, one in our RDP server and one on your desktop, and put them on different monitors because you weren't paying attention

    You should probably protect them from themselves and not have this be possible, if that's... ehhrr... possiblah...

    I hate every one of our clients that choose to have this 'one-foot-in-one-foot-out' sort of RDP environment. Users always fuck it up.

    I mean, I could, but if they don't log out properly it'd be just as fucking annoying dealing with it.

    .... meaning...? I don't follow. Take the program off their desktop. Now they can only log into it in one place.

    Program is a resource hog, they're supposed to use it on their desktop.

    RDP stuff is for remote users.

    But I'm also not putting citrix on everyone's desktops because fuck that noise, so the citrix stuff is centrally localized because hospitals seem to be sucking citrix's dicks. And we have 4 hospitals we service here in CNY.

    Restrict access to the executable.

  • bowenbowen How you doin'? Registered User regular
    Cog wrote: »
    bowen wrote: »
    Cog wrote: »
    bowen wrote: »
    Cog wrote: »
    bowen wrote: »
    me - "okay, so I'm going to explain what happened, because you're one of the few people who does this. You opened up two instances of the program, one in our RDP server and one on your desktop, and put them on different monitors because you weren't paying attention

    You should probably protect them from themselves and not have this be possible, if that's... ehhrr... possiblah...

    I hate every one of our clients that choose to have this 'one-foot-in-one-foot-out' sort of RDP environment. Users always fuck it up.

    I mean, I could, but if they don't log out properly it'd be just as fucking annoying dealing with it.

    .... meaning...? I don't follow. Take the program off their desktop. Now they can only log into it in one place.

    Program is a resource hog, they're supposed to use it on their desktop.

    RDP stuff is for remote users.

    But I'm also not putting citrix on everyone's desktops because fuck that noise, so the citrix stuff is centrally localized because hospitals seem to be sucking citrix's dicks. And we have 4 hospitals we service here in CNY.

    Restrict access to the executable.

    Not easy. People can become remote without notice to me.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • wunderbarwunderbar What Have I Done? Registered User regular
    bowen wrote: »
    Cog wrote: »
    bowen wrote: »
    Cog wrote: »
    bowen wrote: »
    Cog wrote: »
    bowen wrote: »
    me - "okay, so I'm going to explain what happened, because you're one of the few people who does this. You opened up two instances of the program, one in our RDP server and one on your desktop, and put them on different monitors because you weren't paying attention

    You should probably protect them from themselves and not have this be possible, if that's... ehhrr... possiblah...

    I hate every one of our clients that choose to have this 'one-foot-in-one-foot-out' sort of RDP environment. Users always fuck it up.

    I mean, I could, but if they don't log out properly it'd be just as fucking annoying dealing with it.

    .... meaning...? I don't follow. Take the program off their desktop. Now they can only log into it in one place.

    Program is a resource hog, they're supposed to use it on their desktop.

    RDP stuff is for remote users.

    But I'm also not putting citrix on everyone's desktops because fuck that noise, so the citrix stuff is centrally localized because hospitals seem to be sucking citrix's dicks. And we have 4 hospitals we service here in CNY.

    Restrict access to the executable.

    Not easy. People can become remote without notice to me.

    Fix your process so that doesn't happen.

    /s

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
    Cog
  • CogCog Registered User regular
    bowen wrote: »
    Cog wrote: »
    bowen wrote: »
    Cog wrote: »
    bowen wrote: »
    Cog wrote: »
    bowen wrote: »
    me - "okay, so I'm going to explain what happened, because you're one of the few people who does this. You opened up two instances of the program, one in our RDP server and one on your desktop, and put them on different monitors because you weren't paying attention

    You should probably protect them from themselves and not have this be possible, if that's... ehhrr... possiblah...

    I hate every one of our clients that choose to have this 'one-foot-in-one-foot-out' sort of RDP environment. Users always fuck it up.

    I mean, I could, but if they don't log out properly it'd be just as fucking annoying dealing with it.

    .... meaning...? I don't follow. Take the program off their desktop. Now they can only log into it in one place.

    Program is a resource hog, they're supposed to use it on their desktop.

    RDP stuff is for remote users.

    But I'm also not putting citrix on everyone's desktops because fuck that noise, so the citrix stuff is centrally localized because hospitals seem to be sucking citrix's dicks. And we have 4 hospitals we service here in CNY.

    Restrict access to the executable.

    Not easy. People can become remote without notice to me.

    I guarantee if this is the fix you implement, you'll start getting notified.

    Security group, Remote_<Program>_Users gets access to the executable. Current remote users go in the group. Everyone else doesn't.

  • VoodooVVoodooV Registered User regular
    Are there any Microsoft SCCM experts in here? I work IT in a gov't agency, and all of State IT is being consolidated under one agency and as you can imagine, it's just going so swell.

    Their SCCM team seems to set up all of their application deployments where they use the supercedence options to uninstall any previous versions of an application before installing the new version. It's caused havoc on 3 separate occasions now and have made upgrades very frustrating for our users, not to mention myself because they all complain to me. The SCCM team keeps claiming that it's part of their best practices and "makes things cleaner" and they have been unresponsive when I've made complaints about this issue.

    In my 20 years of working IT, I never needed to ever uninstall a previous version of an app, before upgrading to a new version. Yeah, all programs are definitely different and all have their quirks, but virtually every application I've ever worked with seems to do a direct upgrade just fine and if something needs to be removed before upgrading to the newer version, it's handled internally with the MSI or setup.exe. I think the only time I've needed to uninstall an app is if something got corrupted, but that's pretty specific and rare.

    on one occasion, the uninstall of the old app which triggered an unprompted reboot and because we use whole disk encryption with a preboot login, basically stopped the deployment from happening. A direct upgrade would not have had this problem. On an another instance, the uninstall somehow changed some major settings in the program, and again, manually doing a direct upgrade kept all previous settings. In this latest incident, I don't think the uninstall per-se would have caused a problem, but it turns out the old application in SCCM was broken so it couldn't cache the download of the old version, which again, prevented the upgrade from happening, once again, direct upgrade wouldn't have had this issue.

    Am I just living in bizarro world not uninstalling my apps before upgrades? or are they?

  • bowenbowen How you doin'? Registered User regular
    Cog wrote: »
    bowen wrote: »
    Cog wrote: »
    bowen wrote: »
    Cog wrote: »
    bowen wrote: »
    Cog wrote: »
    bowen wrote: »
    me - "okay, so I'm going to explain what happened, because you're one of the few people who does this. You opened up two instances of the program, one in our RDP server and one on your desktop, and put them on different monitors because you weren't paying attention

    You should probably protect them from themselves and not have this be possible, if that's... ehhrr... possiblah...

    I hate every one of our clients that choose to have this 'one-foot-in-one-foot-out' sort of RDP environment. Users always fuck it up.

    I mean, I could, but if they don't log out properly it'd be just as fucking annoying dealing with it.

    .... meaning...? I don't follow. Take the program off their desktop. Now they can only log into it in one place.

    Program is a resource hog, they're supposed to use it on their desktop.

    RDP stuff is for remote users.

    But I'm also not putting citrix on everyone's desktops because fuck that noise, so the citrix stuff is centrally localized because hospitals seem to be sucking citrix's dicks. And we have 4 hospitals we service here in CNY.

    Restrict access to the executable.

    Not easy. People can become remote without notice to me.

    I guarantee if this is the fix you implement, you'll start getting notified.

    Security group, Remote_<Program>_Users gets access to the executable. Current remote users go in the group. Everyone else doesn't.

    You'd think so.

    But I get emails like this when someone starts working for us:

    1Z0KqsG.png

    I got that friday night at 5, as you can see.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • ShadowfireShadowfire Vermont, in the middle of nowhereRegistered User regular
    Is your response "that's a damn shame?"

    WiiU: Windrunner ; Guild Wars 2: Shadowfire.3940 ; PSN: Bradcopter
    Cog
  • bowenbowen How you doin'? Registered User regular
    it was a few years ago

    but yeah I made them wait 3 days before I did it

    also they only gave me "Pat" which was not enough to even create a user

    first name, last name, middle initial at a minimum

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • SeidkonaSeidkona Had an upgrade Registered User regular
    Finally got the proxy working.

    It was a long slog of changing header options and trying different approaches but it finally passes data.

    Mostly just huntin' monsters.
    XBL:Phenyhelm - 3DS:Phenyhelm
  • wunderbarwunderbar What Have I Done? Registered User regular
    bowen wrote: »
    it was a few years ago

    but yeah I made them wait 3 days before I did it

    also they only gave me "Pat" which was not enough to even create a user

    first name, last name, middle initial at a minimum

    I would have made an account named Pat Pat, with an email address [email protected]

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
    SeidkonadonavannjbowenCogBigityMvrck
  • donavannjdonavannj Registered User regular
    bowen wrote: »
    it was a few years ago

    but yeah I made them wait 3 days before I did it

    also they only gave me "Pat" which was not enough to even create a user

    first name, last name, middle initial at a minimum

    You should really evaluate working with HR or your boss directly to get a mandatory week lead time on account creation and that account creation requests should be submitted to you through HR. We put our foot down on this and it's mostly cut down on last minute emails to us for account creations. Then again, in my department there are 7 of us versus probably just you in yours so that may not be viable or even worth your time.

    steam_sig.png
  • bowenbowen How you doin'? Registered User regular
    donavannj wrote: »
    bowen wrote: »
    it was a few years ago

    but yeah I made them wait 3 days before I did it

    also they only gave me "Pat" which was not enough to even create a user

    first name, last name, middle initial at a minimum

    You should really evaluate working with HR or your boss directly to get a mandatory week lead time on account creation and that account creation requests should be submitted to you through HR. We put our foot down on this and it's mostly cut down on last minute emails to us for account creations. Then again, in my department there are 7 of us versus probably just you in yours so that may not be viable or even worth your time.

    Yeah I told her if she needs accounts I need a week. After having to wait 3 days for "Pat" (Patricia) because I was on vacation, they kind of changed their habits.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
    donavannj
  • wunderbarwunderbar What Have I Done? Registered User regular
    so I just had to look up a hardware asset, an older one. an older naming convention that used to be used here was heavily user based. So the computer name would be first initial, first 2 letters of last name, first 2 letters of computer make, then computer model number. (this is kind of dumb and I've changed it for new machines going forward). So we have a user with the first initial T, last name starts with Pa, using an older inspiron machine.

    Computer name: TPAIN545

    I'm going to start calling her T-Pain now and she's going to have no idea why.

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
    InfidelbowenCogShadowfireMugsleyFeralDonovan PuppyfuckerMvrckJaysonFour
  • CogCog Registered User regular
    I'm sitting in a meeting at a client site and my part is done and now they're talking site-to-site connectivity so I'm goofing off.

    Shhhhhhhhhhhh.

  • BigityBigity Lubbock, TXRegistered User regular
    Quick question folks:

    We deploy a bunch of Dell zero clients for users to access VDI desktops (horizon).

    My question is, can some module of Solarwinds track these assets?

    Can SCCM?

    I haven't dealt with SCCM in years and don't have much access to our SCCM or Solarwinds. Our infrastructure provider is saying there is no way to asset track these zero clients outside of hardcopy records and spreadsheets, which sounds suspect to me at best.

    76561198017303226.png
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    I just used drakehotlineblingmeme.jpg in an email to my department.

    How do you do, fellow kids?

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
  • BigityBigity Lubbock, TXRegistered User regular
    Bigity wrote: »
    Quick question folks:

    We deploy a bunch of Dell zero clients for users to access VDI desktops (horizon).

    My question is, can some module of Solarwinds track these assets?

    Can SCCM?

    I haven't dealt with SCCM in years and don't have much access to our SCCM or Solarwinds. Our infrastructure provider is saying there is no way to asset track these zero clients outside of hardcopy records and spreadsheets, which sounds suspect to me at best.

    *According to our Dell rep at least (where we by the zero clients, the answer is no as well). WDM seems to be about the only option.

    76561198017303226.png
  • SeidkonaSeidkona Had an upgrade Registered User regular
    edited November 2017
    Feral wrote: »
    I just used drakehotlineblingmeme.jpg in an email to my department.

    How do you do, fellow kids?

    Hey everyone! Get this square over here trying to impersonate being with it.

    Seidkona on
    Mostly just huntin' monsters.
    XBL:Phenyhelm - 3DS:Phenyhelm
    FeralCog
  • AiouaAioua Ora Occidens Ora OptimaRegistered User regular
    yeah if the thin client boxes aren't going to let you install the asset management clients you're stuck with like

    scraping the network for MAC addresses?

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    If they're thin clients, they're running Windows Embedded which can be managed through Microsoft tools like SCCM.

    If they're zero clients, then they're running Teradici PCoIP chips and have to be managed through either Dell WYSE Device Management or Teradici PCoIP Management. I don't know (off the top of my head) of any other platforms that can manage Teradici devices.

    Solarwinds can monitor them for uptime via SNMP but I don't think you can do much with Solarwinds to manage them.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
  • CogCog Registered User regular
    Dell WDM is a fucking steaming shitheap, btw.

    Have fun with that.

  • wunderbarwunderbar What Have I Done? Registered User regular
    Cog wrote: »
    Dell WDM is a fucking steaming shitheap, btw.

    Have fun with that.

    Not if you read the install guide it isn't.

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
    Donovan Puppyfucker
  • bowenbowen How you doin'? Registered User regular
    this iDRAC thing is fucking amazing

    10/10

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
    CogSeidkonawunderbar
  • CogCog Registered User regular
    bowen wrote: »
    this iDRAC thing is fucking amazing

    10/10

    Most major vendors have some sort of lights-out management. HP has iLO, Dell has iDRAC, Fujitsu has IRMC.

    Dell's is by far the best.

    Would buy again.

  • bowenbowen How you doin'? Registered User regular
    I never liked iLO

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    I usually just turn iDRAC off.

    We don't use it and its just another thing to patch and monitor.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
  • electricitylikesmeelectricitylikesme Registered User regular
    Cog wrote: »
    bowen wrote: »
    this iDRAC thing is fucking amazing

    10/10

    Most major vendors have some sort of lights-out management. HP has iLO, Dell has iDRAC, Fujitsu has IRMC.

    Dell's is by far the best.

    Would buy again.

    Genuine question: why would you think this? iDRAC is an over underengineered dumpster fire with half implemented automation options.

    iLO actually has decent support in Ansible and doesn't require a server reboot for every single change.

  • wunderbarwunderbar What Have I Done? Registered User regular
    So our enviornment is almost entirely physical, as I've mentioned in the past. I'm doing after hours windows updates.

    our primary domain controller barely came back. It took me like 6 tries to get it past a pre-boot efi error. Our second domain controller is actually a VM, which didn't start when the host server it is on decided not to connect the iSCSI connection to the SAN where the VHD lives, so both domain controllers were down. that meant that there were no working DNS servers.

    Things broke.

    Just random shit broken everywhere. And dumb shit like sharepoint site 1 is broken because some of the IIS application pools didn't restart. Sharepoint site 2 (that literally came back up as I was typing this) is was down because the SQL server the databases live on lost it's shit because it came back up when both DC's were down. Exchange took 30 minutes to reboot, I'm assuming because there were no DC's available.

    Kill me.

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
    ArcSyn
  • bowenbowen How you doin'? Registered User regular
    So I finally got my new server up and running with iDRAC and VMWare with multiple nics on the virtual switch.

    Now I want to start setting up VMs but want to have a good naming scheme.

    Should I go with elements? Hydrogen, Helium, etc ?

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
    Seidkona
  • bowenbowen How you doin'? Registered User regular
    I guess it'd make more sense to do their role and a ##

    Like SSH01 or WEB01 or whatever

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
    AiouaFeralCogRandomHajile
  • SiliconStewSiliconStew Registered User regular
    While that's fun at first, it's a real pain in the ass later when someone needs to remember what does what. You don't want your mail server going down in the middle of the day because someone accidentally rebooted Trout instead of Tuna.

    Just remember that half the people you meet are below average intelligence.
    bowenAiouaSeidkonaFeralFeldorn
  • AiouaAioua Ora Occidens Ora OptimaRegistered User regular
    Yeah save the cute names for the conference rooms and the test environments.

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
    bowenFeralFeldorn
  • bowenbowen How you doin'? Registered User regular
    even after the hiccups that were me being boneheaded I am enjoying how great everything is and how easy it is to all manage

    this would make working from home stupid easy

    now if I can figure out a way to set up this all securely so I don't need to SSH to access it all

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
    Feral
  • wunderbarwunderbar What Have I Done? Registered User regular
    yea all of our existing servers are named after greek gods. It's awful and impossible to remember which server does what aside from just pure repetition in memory. Another thing I'm fixing as I start to virtualize.

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
    Feral
  • bowenbowen How you doin'? Registered User regular
    is Zeus the domain controller?

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
    Aioua
  • wunderbarwunderbar What Have I Done? Registered User regular
    bowen wrote: »
    is Zeus the domain controller?

    sadly no. I think the one before the current one was.

    It was all done as a "security through obscurity" methodology ignoring the fact that if the attacker is far enough into your network that they can read your hostnames you're already screwed no matter what those hostnames are.

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
    bowenSeidkonaFeral
  • bowenbowen How you doin'? Registered User regular
    edited November 2017
    How many CPUs/Cores and how much memory should I dedicate to my MySQL server? It's currently storing about 6 gigs (it is growing quickly though), it seems to tack on about 2-3 gigs a year. (Do you think 60 gigs of hard drive is good too?)

    bowen on
    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • AiouaAioua Ora Occidens Ora OptimaRegistered User regular
    Uh that's not a Windows server right?

    Cause 60 way too small for that, if you want to future proof for update bloat.

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
  • bowenbowen How you doin'? Registered User regular
    Nope, I'm moving my MySQL server to ubuntu, I gave it 100 gb of storage, just wondering on CPU/Core count and memory at this point.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
This discussion has been closed.